Changing attitudes to risk management in the financial services industry have created a demand for innovative technology that addresses new regulations and creates an accurate and consistent enterprise-wide view of risk. IBM, which was ranked at number one for enterprise-wide risk management in the Risk Technology Rankings 2015, explains why adopting a multi-layered approach is essential.
For financial organisations that wish to develop a successful compliance response to the wide range of new and updated regulatory programmes currently being rolled out across global financial markets, the development of an enterprise-wide view of risk has become crucial.
By their very nature, these new regimes intend to overhaul how organisations monitor, measure and manage risk, in addition to placing enhanced reporting responsibilities on regulated entities. As a result, there is a growing need to create systems that promote consistency across the organisation in terms of processes, controls and data, and that will also increase overall organisational visibility for risk management purposes. Financial firms must also ensure that compliance systems provide a certain degree of flexibility to deal with future changes in financial regulation. The next generation of risk and compliance solutions not only needs to satisfy current regulations, but must also be able to adapt to future market developments.
The search for security
According to Dr Neil Dodgson, global head, Customer Solutions Group at IBM Risk Analytics, greater capital requirements and increased market volatility, as well as tighter spreads, have driven the demand for systems that can incorporate enterprise risk data into millisecond front-office pricing. He says the search for tools and technology that can operate in real time to provide deeper organisational and external market insight has led to a sharp increase in demand for enterprise-wide risk management capabilities. This type of approach allows organisations to monitor, measure and manage risk in a holistic way, as opposed to traditional silo approaches, which tend to be more costly, less efficient and typically do not provide the necessary level of visibility across the organisation.
Demand for enterprise-wide risk management capabilities is likely to continue to grow apace. Dodgson says, “In the risk management space we are seeing a real change, a transformation by the banks, and the belief that this change will accelerate is not only our opinion but also that of IBM’s clients. This has been driven by many factors, but the first and most important is regulatory change.”
Following the onset of the global financial crisis in 2008, legislators and regulators in financial centres around the world have drawn up vast new frameworks or overhauled existing regimes in a bid to create a series of circuit breakers that will stymie or even prevent future market disruptions. The road has been long – many regulatory programmes arising from pledges made by heads of state at the 2009 Group of 20 summit are only now coming to fruition. Parts of the US Dodd-Frank Wall Street Reform and Consumer Protection Act are still being fleshed out after it was signed into law in 2010 and, in Europe, the Markets in Financial Instruments Directive II is not due to come into force until January 2018, following years of post-crisis discussion, debate and, more recently, delays. Meanwhile, other regulatory changes have been added to the mix, such as those introduced by the Basel Committee on Banking Supervision (BCBS), including the Fundamental review of the trading book (FRTB) and the BCBS’s principles for effective risk data aggregation and reporting, known as BCBS 239.
“The regulations that were launched around 2010 are only starting to manifest themselves now,” Dodgson says. “And we are not just seeing regulations in one specific area of risk such as market risk or counterparty credit risk – banks are seeing regulatory change affecting all areas of their business.” As a result, he says, many financial institutions are now looking for vendors or solution providers that can help them develop an enterprise-wide approach to risk management. And, with all of the issues that must now be addressed by regulated entities, it is not surprising that these organisations are turning to third parties for help. In addition to the compliance demands relating to interpreting each new regulation, collating and analysing the data and then producing the results, there is the added pressure of known and unknown regulatory fines, as well as the need to cut costs to meet shareholder demands.
Traditionally, many firms had a view of enterprise-wide risk management limited to presenting the organisation’s risk profile information in an executive report or on a risk dashboard. These dashboards remain an important tool for financial firms and for IBM in particular – it was voted the top provider of risk dashboards in Risk’s 2015 rankings of technology providers. IBM was also ranked number one in credit, debit and funding valuation adjustments calculation and number one overall in enterprise-wide risk management.
Building on a data-centred foundation
But new regulations are forcing organisations to build a more multi-layered approach to risk management that, while still using such tools, is centred on data. BCBS 239, for example, focuses on risk data aggregation and risk reporting practices within financial institutions. In developing a more robust, accurate and timely view of an organisation’s risks, dashboards are now increasingly seen as the final layer – data is the real foundation. BCBS 239 places greater responsibility on regulated entities to ensure the underlying data that populates their risk systems is correct and to ensure they can manage multiple source systems effectively. In line with these recent developments, IBM has changed its approach to enterprise risk management to concentrate on helping organisations strengthen this foundation of data. “Once an organisation has those solid foundations to produce the necessary data, it can do the analytics and the dashboarding on top,” Dodgson says. “So that’s how we’ve changed our enterprise risk approach.”
In 2015, IBM and Deloitte announced a partnership that will see the two firms collaborate closely to build the next generation of risk management solutions. The partnership will leverage Deloitte’s deep risk and regulatory expertise with IBM’s latest developments in cognitive and analytics technology to address the challenges faced in managing risk and compliance effectively.
The first solution from this partnership is Regulatory Compliance Analytics, a cloud-based offering that analyses and interprets impacting regulation and provides a clear link from specific regulatory paragraphs to suggested good practice controls. Clients are able to compare their existing control frameworks against good practice to highlight gaps and prioritise and manage remediation. Furthermore, the analytics and reporting capability within the platform supports efficient reporting and management of regulatory change.
The fusion of Deloitte regulatory content and expert assessment with the latest IBM technologies in a single platform and data framework not only reduces the cost of compliance management significantly, but also supports efficient regulatory change or remediation.
Cognitive analytics shows way forward
Due to the fast-paced nature of financial markets – and the accompanying development of financial regulations – compliance solutions must have a high degree of flexibility. As such, IBM has turned its attention to finding ways of applying cognitive analytics to the compliance tools that financial firms are building into their risk management infrastructure to respond to new regulations or amendments to these regulatory regimes as markets evolve.
“Ultimately, the IBM and Deloitte solution will work across all major regulations, with the idea that, if there is a change in the requirements, the cognitive capabilities will detect that and show the impact on the organisation,” Dodgson says, referring to IBM Cognitive Computing technologies, which can analyse large amounts of data, providing information and insights. IBM and Deloitte will continue to address clients’ needs in this area by focusing on regulations and cognitive analytics in 2016 and beyond. In the case of BCBS 239, for example, a solution with cognitive capabilities could interpret the standards and assess the best controls, allowing an organisation to gauge its level of compliance and tweak its systems to match the new rules. According to Dodgson, this will reduce the pressure currently on thousands of people working in compliance within large banks: “We are using these cognitive solutions to assist banks, asset managers and institutions in interpreting how well their controls actually comply with current regulations. This is an exciting topic for us and it is getting extremely good traction out in the market.”
In the same way that banks are taking a more enterprise-wide approach to risk management, IBM is developing ways to combine its qualitative and quantitative solutions. “IBM is one of the few vendors that can bring the real quantitative and qualitative sides together, so that’s a big area of focus right now. For example, for an organisation facing the FRTB, we want to provide not only the analytics but also the controls and business processes that will give the organisation a complete value proposition to meet that regulation.”
Financial institutions have been aware of the need to adapt to a new regulatory era for many years, but taking firm steps towards building a new risk management infrastructure has been difficult in the face of regulatory uncertainty. However, through technological advances in areas such as cognitive analytics, it is possible for firms to position themselves to change and adapt as these new rules are implemented and start to impact operations. By combining such innovative tools with an enterprise-wide approach, financial firms can develop consistent, accurate controls and gain the necessary level of visibility across the organisation to satisfy regulators and continue to compete in the market. Dodgson says, “The same enterprise technologies can be applied to unlock value in the business by, for example, optimising capital, developing better risk-based pricing, and so on. The aim is to help banks not only with their defence – that is, compliance – but also with their offence, by helping them to build competitive advantage.”